> Exactly.

Thank you very much for your comments. I also think that we need to deal with the problem you pointed out.

Not all want crypto agility because it involves costs. However, the reverse is also true, as you agreed. I think that we can solve the concern and recommend cipher suites for crypto agility by specifying a rational and minimal set of cipher suites with alternative algorithms as "optional". It prevents developers who need crypto agility from preparing insecure algorithms. What do you think about it?

> Because you cannot force developers to implement algorithms that they
> do not want to. You cannot force developers to implement algorithms
> they have barely heard of, such as those that have good support
> in basically only one nation or basically only in system environment
> (hardware or software).

I proposed candidates for alternative algorithms which require criteria including wide implementations and public documents in standardizing organizations and estimations by trusted organizations. So I believe that it is not a fact that developers do not want to implement these candidates and have barely heard of them. What do you think about it?

(2014/08/05 23:17), Paul Hoffman wrote:
> On Aug 5, 2014, at 3:19 AM, Kohei Kasamatsu <[email protected]>
> wrote:
>
>> You mean that if protocols have multiple mandatory-to-implement (MTI)
>> algorithms some of these MTI algorithms are not implemented and it
>> causes interoperability failures?
>
> Exactly.
>
>>> Clearly, TLS needs to have crypto agility in case of crypto failures,
>>> but the current BCP does not prevent that.
>>
>> Why cannot "current" BCP prevent that?
>
> Because you cannot force developers to implement algorithms that they do not
> want to. You cannot force developers to implement algorithms they have barely
> heard of, such as those that have good support in basically only one
> nation or basically only in system environment (hardware or software).
>
> --Paul Hoffman
>

--
Kohei KASAMATSU
NTT Software Corporation
TEL: +81 45 212 7908
FAX: +81 45 212 9800
E-mail: [email protected]
